QA:Testcase firewalld with network service

Contents

Description

This is the test case to check if firewalld and the legacy network service (aka initscripts) are working together.

Firewalld needs NetworkManager, which tells firewalld what network interface belongs to which zone.
Firewalld is however able to run without NetworkManager (with legacy network service),
but there's one issue. The legacy network service is just a set of scripts and not a running service
so it's not able to notice firewalld's restart and
react to it (by telling firewalld which interface belongs to which zone) as NetworkManager does.
The consequence of restarting (or starting after boot) firewalld when there's no running NetworkManager is
that there are no active zones, i.e. your network interface(s) no longer belong to any zone,
see https://bugzilla.redhat.com/show_bug.cgi?id=821938.
Work-around is to either restart the network service too or to manually add the interface to zone.

How to test

1. Stop NetworkManager

systemctl stop NetworkManager.service

Use ip command to see if the wired interface is still UP:

ip link show em1

If the wired interface (using em1 as an example here) is UP and running, please stop it:

ip link set dev em1 down

Do not shut down the lo interface.

Restart firewalld to make sure that there are no active zones:

systemctl restart firewalld.service

Get list of active zones:

firewall-cmd --get-active-zones

This list should be empty.

2. Start network service

systemctl start network.service

The interface should be again UP now.
If it's not then it's probably something wrong with /etc/sysconfig/network-scripts/ifcfg-em1